VPN/ Exchange Server Windows 2008 R2

Hello Folks,
I am planning to set up VPN services . I would like to know how to set up VPN in Windows 2008 R2. Is it as simple as enable RRAS services? Or do i still need a VPN software like Open VPN , or CISCO VPN client, to do that ? Can i set up VPN service, if i simply have a server !!!! And about the exchange server. Can i create email accounts and host my own emails without having to buy User CAL's. I would really like to know how exchange server works?

Thanks
Bharat

Exchange requires a standard or enterprise (per server) version to be purchased plus cals standard or enterprise (per user or machine) as well to be legal.

2008 R2 can be configured as a vpn yes. You can configure either a PPTP or SSL VPN. PPTP is older and doesn't support older routers so i'd go the SSL route.

Better yet we don't really use VPN's anymore Terminal Server RemoteApps(virtual applications) with terminal server gateway/NAP (for security) is a really cool option. This will work great UNLESS you have applications on client machines that don't support remoteapps that need their own vpn access(out of the office) to "sync". If so then you certainly need a VPN.

If you only have 1 server then I hope you have 2008 r2 Small business server. Installing exchange requires active directory and installing active directory AND exchange on the same box is not supported (except for SBS). So if you don't have enough server hardware to install these on separate boxes your going to need SBS or virtualization. Hyper-v is a great option if you have 2008 r2 already vmware is also very nice.

I'm making alot of assumptions here because I don't know what you have for hardware/software.

Hey Bublitz.
Yes about this CAL's if some companies with say 1000 employees are using exchange, that mean for each one to have an email , there needs to be a user CAL for each of them?

We have an exchange server 2008 R2 and we would like to have VPN connect to it all we have is a Linkysys router , so let me get this straight , we could use this server as an endpoint rigth????? That is if i let the router to passtrhough the VPN traffic. Is there any document to set up VPN access the router. I mean to say do we need to have a VPN server, or can the server alone be used as an end point.

Thanks
Bharat

1 Server Licence would need to be purchased and then yes 100 user cals as well purchased. You have have 200 users in active directory but maybe only 100 have an exchange mailbox. So if a user is going to use e-mail they will need a cal.

Just to ask here do you want a VPN just so users can get e-mail from outside the office or do you need the VPN just so people can access files from outside the office? If its just to get remote e-mail then exchange has that capability since version 2003. Exchange 2010 has the feature "Outlook Anywhere". This works awesome without any VPN overhead.

Yes 2008 R2 can be the end point SSL VPNs use port 443. So you will just need to forward that port in the router to your server. If you have something using that port already you'll have to change the port or better yet buy a better router that can handle multiple incoming static IP addresses.

SSL VPN setup. Try these multi Part articles (linked part 1). I can say that windowssecurity.com does awesome articles. The author Thomas Shinder although rather creepy looking does tons of great articles. The second article ditii.com i've never used, but its nice to have multiple refrences.

www.windowsecurity.com/articles/Configur...PN-Server-Part1.html

www.ditii.com/2008/01/08/windows-server-...l-vpn-server-part-1/

I would like to also add what ever server your putting this VPN on DO NOT put it on a Domain Controller. Creating a VPN creates a "virtual Adapter" that then gets put into DNS. Clients then try to connect to that ip when loggin on the domain or checking security ect... It is an absolute pain to run a mutli homed domain controller.

Hey Bublitz...
That was helpful..... But could you ( or someone) tell me how do i trust my VPN connection... How do i test the security... of it. It is often said that SSL VPN is much more secure. But still i have some reservations about using VPN.... How do i test the security of a VPN tunnel.

Thanks
Bharat

hmm I've never done this. When I buy my certs from godaddy I make sure its the best they have to offer (currently 256 bit).

An SSL VPN uses the same type of security your web browser uses. So since its basically just a secure website you can use online tools to test the "web address" of the ssl "site".

Try this site once your vpn is setup.

www.ssllabs.com/

I would think it would still work.

SSL is pretty secure the web relies on it. Brute force....alot of it, Infecting either the server and client, or Man in the middle attack with ssl strip is the only way I know of hacking it.

HAK 5 did an episode on SSL strip. This would require someone to be on the same network as your client improbable not impossible.

revision3.com/hak5/mitm